应用

IP地址

网关

Vip

公网地址

Virtual IP



10.0.1.100

119.188.13x.x(网通nat)

218.98.3x.20x(电信nat)

Lvs(master)

10.0.1.101 eth0

10.0.1.254



Lvslave

10.0.1.102 eth0

10.0.1.254



Real-server

10.0.1.103 eth0

10.0.1.254

10.0.1.100  lo:0


Real-server

10.0.1.104 eth0

10.0.1.254

10.0.1.100  lo:0







Virtual IP



10.0.1.200

119.188.13x.4(网通nat)

218.98.3x.201(电信nat)

Real-server

10.0.1.105 eth0

10.0.1.254

10.0.1.200  lo:0


Real-server

10.0.1.106 eth0

10.0.1.254

10.0.1.200  lo:0


1、安装LVS

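# Install the ipvsadm userspace tool on both directors. `rpm -ivh` takes a
# package file, so the name needs its .rpm suffix (the original omitted it).
# Check the signature before installing anything that runs as root: the -K
# output should show "gpg OK" for a key you have imported. Note that rpm -K
# may still exit 0 for an unsigned package, so read the output rather than
# relying on the exit status. On a registered el5 host `yum install ipvsadm`
# fetches the same package from a signed repository.
rpm -K ipvsadm-1.24-13.el5.x86_64.rpm
rpm -ivh ipvsadm-1.24-13.el5.x86_64.rpm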

2、执行 `ipvsadm -Ln` 检查安装是否成功(应能打印出一张空的 IPVS 规则表)

201207930.png

3、`lsmod | grep ip_vs` 检查 ip_vs 内核模块是否已加载(该模块一般在首次执行 ipvsadm 或启动 keepalived 时才按需加载;若输出为空,可先执行 `modprobe ip_vs` 再检查)

201235143.png

4、real server(真实节点服务器)配置(103、104 的配置完全相同)

vi /etc/init.d/lvsrsdr

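#!/bin/bash
# chkconfig: 2345 90 10
# description: LVS/DR real-server side: hold the VIP on lo:0 and suppress ARP for it.
#
# In DR mode the director only rewrites the destination MAC of each request
# frame, so this host must treat the VIP as a local address (lo:0, /32) in
# order to accept the packet and answer with the VIP as source address.
# It must NOT answer ARP requests for the VIP on eth0, otherwise it competes
# with the director for the VIP and hijacks it; arp_ignore=1 / arp_announce=2
# enforce that. The /proc/sys values are not persistent: run this at boot
# (chkconfig --add lvsrsdr) or mirror the four sysctls in /etc/sysctl.conf.
#
# Usage: lvsrsdr {start|stop}

VIP=10.0.1.100

. /etc/rc.d/init.d/functions

# set_arp IGNORE ANNOUNCE -- apply the two ARP sysctls to "lo" and to "all".
# "all" affects every interface on the host; stop resets both to 0 regardless
# of whatever the system had configured before.
set_arp() {
    echo "$1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "$2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "$1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "$2" > /proc/sys/net/ipv4/conf/all/arp_announce
}

case "$1" in
start)
    echo "start LVS of RealServer DR"
    # Suppress ARP before the VIP exists, so there is no window in which
    # this host would answer an ARP request for the VIP.
    set_arp 1 2
    /sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev lo:0
    ;;
stop)
    # Was "Stop)": case patterns are case-sensitive, so `service lvsrsdr stop`
    # never matched and fell through to the usage message with exit 1.
    /sbin/ifconfig lo:0 down
    echo "close LVS of RealServer DR"
    set_arp 0 0
    ;;
*)
    echo "Usage:$0 {start|stop}"
    exit 1
    ;;
esac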

脚本可执行模式

# Make the init script executable. It is run as root by `service` and writes
# /proc/sys, so it should stay root-owned and must not be group/world-writable.
chmod +x /etc/init.d/lvsrsdr

启动脚本(以服务方式启动)

# Start it once now. Neither lo:0 nor the arp_* sysctls survive a reboot, so
# also register it for boot (chkconfig --add needs a "# chkconfig:" header in
# the script) or put the four sysctls in /etc/sysctl.conf as well.
service lvsrsdr start

5、real server(真实节点服务器)配置(105、106 的配置相同;与 103、104 的唯一区别是 VIP 地址为 10.0.1.200)

vi /etc/init.d/lvsrsdr

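#!/bin/bash
# chkconfig: 2345 90 10
# description: LVS/DR real-server side: hold the VIP on lo:0 and suppress ARP for it.
#
# Identical to the script on real servers 103/104 except for the VIP value.
# In DR mode the director only rewrites the destination MAC of each request
# frame, so this host must treat the VIP as a local address (lo:0, /32) in
# order to accept the packet and answer with the VIP as source address.
# It must NOT answer ARP requests for the VIP on eth0, otherwise it competes
# with the director for the VIP and hijacks it; arp_ignore=1 / arp_announce=2
# enforce that. The /proc/sys values are not persistent: run this at boot
# (chkconfig --add lvsrsdr) or mirror the four sysctls in /etc/sysctl.conf.
#
# Usage: lvsrsdr {start|stop}

# The only line that differs between the two real-server pools.
VIP=10.0.1.200

. /etc/rc.d/init.d/functions

# set_arp IGNORE ANNOUNCE -- apply the two ARP sysctls to "lo" and to "all".
# "all" affects every interface on the host; stop resets both to 0 regardless
# of whatever the system had configured before.
set_arp() {
    echo "$1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "$2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "$1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "$2" > /proc/sys/net/ipv4/conf/all/arp_announce
}

case "$1" in
start)
    echo "start LVS of RealServer DR"
    # Suppress ARP before the VIP exists, so there is no window in which
    # this host would answer an ARP request for the VIP.
    set_arp 1 2
    /sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev lo:0
    ;;
stop)
    # Was "Stop)": case patterns are case-sensitive, so `service lvsrsdr stop`
    # never matched and fell through to the usage message with exit 1.
    /sbin/ifconfig lo:0 down
    echo "close LVS of RealServer DR"
    set_arp 0 0
    ;;
*)
    echo "Usage:$0 {start|stop}"
    exit 1
    ;;
esac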

LVS高可用配置

1、下载安装(Master和Backup都必须安装Keepalive)

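# Build keepalived from source on both MASTER and BACKUP.
# NOTE(review): the original fetched over plain HTTP and verified nothing, so
# anyone on the path could substitute a tarball that is then built and run as
# root. Fetch over TLS and compare the archive against the checksum or GPG
# signature the project publishes before unpacking it. keepalived 1.2.7 dates
# from 2012; prefer a currently maintained release, or the distribution
# package, which is signed and receives security fixes.
set -e
KEEPALIVED_VER=1.2.7
wget "https://www.keepalived.org/software/keepalived-${KEEPALIVED_VER}.tar.gz"
# Verify here, e.g. compare `sha256sum keepalived-${KEEPALIVED_VER}.tar.gz`
# with the published value, before the tar below.
tar zxvf "keepalived-${KEEPALIVED_VER}.tar.gz"
cd "keepalived-${KEEPALIVED_VER}"
./configure
make
make install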

2、将Keepalived以服务启动(Master和Backup同时配置)

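# Register keepalived as a SysV service (run on MASTER and BACKUP).
# `make install` placed everything under /usr/local; copy the pieces into the
# system paths that `service` and `chkconfig` expect. The original lines were
# missing the space between source and destination, so each cp would fail.
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir -p /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
# keepalived.conf will hold the VRRP auth_pass and SMTP details: root-only.
chmod 600 /etc/keepalived/keepalived.conf
chkconfig --add keepalived
# Control it with one of the following (the original wrote "start|stop",
# which a shell would interpret as a pipeline):
#   service keepalived start
#   service keepalived stop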

3、配置MASTER

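# Keep a pristine copy of the shipped sample before editing it (the original
# was missing the space between the two paths).
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
vi /etc/keepalived/keepalived.conf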

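! Configuration File for keepalived
!
! LVS/DR director configuration (MASTER). The BACKUP copy differs only in
! "state BACKUP" and "priority 99"; everything else -- virtual_router_id,
! auth_pass and both virtual_server sections -- must be identical on both.

global_defs {
    ! NOTE(review): these recipients, the sender and smtp_server are the
    ! values from the upstream sample file. Replace them with a reachable
    ! relay and real mailboxes, otherwise failover notifications are lost.
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    ! Must match on both directors and must not collide with any other VRRP
    ! group on this L2 segment.
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        ! VRRP "PASS" authentication travels in cleartext and is capped at
        ! 8 characters, so it is not an access control: any host on this
        ! segment that can see an advertisement can forge a higher-priority
        ! one and take over both VIPs. The original used "1111"; set a
        ! random 8-character value, and -- more importantly -- restrict VRRP
        ! (IP protocol 112 to 224.0.0.18) to the two directors at the switch
        ! or host firewall.
        auth_type PASS
        auth_pass CHANGEME
    }
    ! Both VIPs fail over together; they are added on eth0 of whichever
    ! node is currently MASTER.
    virtual_ipaddress {
        10.0.1.100
        10.0.1.200
    }
}

! Pool behind VIP 10.0.1.100 (real servers 103/104). DR mode: the real
! servers hold the VIP on lo:0 with ARP suppressed, and must listen on the
! same port as the virtual_server -- DR cannot rewrite ports.
virtual_server 10.0.1.100 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    ! nat_mask is only used for lb_kind NAT; harmless here.
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP

    ! "real_server" and the address must be separated by a space; the
    ! original ran them together (real_server10.0.1.103), which keepalived
    ! does not recognise as a real_server entry.
    real_server 10.0.1.103 80 {
        weight 1
        ! TCP_CHECK only proves the port accepts connections; an HTTP_GET
        ! check with an expected status_code would also catch a wedged app.
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 10.0.1.104 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

! Pool behind VIP 10.0.1.200 (real servers 105/106); same settings as above.
virtual_server 10.0.1.200 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP

    real_server 10.0.1.105 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 10.0.1.106 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}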

 

 

4、配置BACKUP(除下面几行外,其余内容必须与 MASTER 完全相同:同一个 virtual_router_id、同一个 auth_pass,以及同样的两个 virtual_server 段;priority 必须低于 MASTER 的 100)

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    ...(其余与 MASTER 相同)
}

 

 

总结:

 

一个公网IP映射给内部VIP(即VIP和web集群在同一个网段)。VS/DR 通过改写请求帧的目的MAC地址(改为选出的real server的MAC地址),再把修改后的数据帧发给该web服务器。因为数据帧的目的MAC就是该服务器,所以它一定能收到这个帧并从中取出IP报文;而报文的目标地址VIP又配置在本机的lo:0上,内核便把它当作本地报文交给应用处理。应用处理完后,响应报文以VIP为源地址,按路由表从eth0经real server自己的默认网关(10.0.1.254,而不是LVS节点)直接回给客户端——lo:0只是让VIP成为本机地址,响应并不从lo:0发出,也不再经过director。因此整个架构中只需VIP有公网映射:防火墙把公网IP DNAT到私网VIP,同时把源地址为VIP的出向流量SNAT回该公网IP即可。需要注意两点:director看不到返回流量,无法对响应做任何过滤或审计;real server必须压制对VIP的ARP应答(见lvsrsdr脚本),否则它会直接"抢走"VIP。

 

 

客户端抓包:
客户端在整个通信过程中看到的对端地址始终是VIP(实际应答的是VIP后面的某一台real server),所以这台real server是以VIP为源地址把响应发回客户端;如果VIP本身就是公网IP,real server同样会以这个公网IP作为源地址直接回包。


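# Capture on the client side. -nn stops tcpdump from resolving hosts and
# ports: resolution is slow, can stall the capture, and sends every observed
# address to the resolver. The original second form, `tcpdump | grep http`,
# relied on that resolution turning port 80 into the word "http"; filtering
# in BPF is the reliable equivalent and captures nothing else.
tcpdump -nn -i eth0 'tcp port 80'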


web服务器抓包:

客户端始终与VIP通信;real server收到目的地址为VIP的报文后,把它当成发给本机的报文来处理,并以VIP为源地址应答。

DR模式注意事项:DR 模式不支持端口重定向,VIP 监听的端口必须与 real server 服务监听的端口一致——director 只改写帧的目的 MAC,完全不动 IP/TCP 头,因此无法改写目的端口。